No information found in this category
Scan Summary:

| Severity | Listening service | Vulnerabilities |
|---|---|---|
| | http (port:80) | |
| | http (port:443) | |
| | http (port:8080) | |
| | http (port:8443) | |
Scan Summary:

| Impact | Description | Documentation |
|---|---|---|
| | Subresource Integrity (SRI) not implemented, and external scripts are loaded over HTTP or use protocol-relative URLs via src="//..." | Doc Subresource Integrity. |
| | Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src. | Doc Content Security Policy. The github.com/april/laboratory extension can generate the CSP for your application. |
| | Cookies set without using the Secure flag or set over HTTP | OWASP Session Management Cheat Sheet. |
| | HTTP Strict Transport Security (HSTS) header set to less than six months (15768000) | Doc header Strict-Transport-Security (HSTS). |
Scan Summary:

Grade capped to A. HSTS max-age is too short
Expiration: 18/08/2023
| Risk/Confidence | Name |
|---|---|
| | CSP: Wildcard Directive |
| | CSP: script-src unsafe-eval |
| | CSP: script-src unsafe-inline |
| | CSP: style-src unsafe-inline |
| | Content Security Policy (CSP) Header Not Set |
| | Sub Resource Integrity Attribute Missing |
| | Cross-Domain Misconfiguration |
| | Absence of Anti-CSRF Tokens |
| | CSP: Notices |
| | Strict-Transport-Security Header Not Set |
| | Cookie No HttpOnly Flag |
| | Cookie Without Secure Flag |
| | Cookie without SameSite Attribute |
| | Cross-Domain JavaScript Source File Inclusion |
| | Permissions Policy Header Not Set |
| | Timestamp Disclosure - Unix |
| | Base64 Disclosure |
| | Modern Web Application |
| | Non-Storable Content |
| | Retrieved from Cache |
| | Session Management Response Identified |
| | Storable and Cacheable Content |
| | Information Disclosure - Suspicious Comments |
| | Loosely Scoped Cookie |
| | Re-examine Cache-control Directives |
